Okta + Mulesoft Anypoint (OIDC provider)

In this example, Mulesoft Anypoint is proxying a 'solar system' API. Mulesoft is using Okta's OAuth2-based authorization to check for a valid access token and the required scopes for the requested endpoint.

Just authenticate as one of the users on the right to get started.

Access token, decoded claims (via /introspect endpoint)
Access token is available in console

readme

In this scenario, one user (Clark Kent) is subscribed to the "silver" level of access, which means he will be able to access the /planets endpoint with his access token by virtue of the "http://myapp.com/scp/silver" scope. Okta will mint the access token and include the "http://myapp.com/scp/silver" scope because Clark belongs to the "silverSubscribers" group in Okta.

Similarly, another user (Lois Lane) is subscribed to the "gold" level of access, which means she will be able to access the /moons endpoint, and she will also be able to access the /planets endpoint by virtue of the scopes included in her access token.

Try clicking on the buttons as an unauthenticated user, and then as Clark and Lois to get a sense of how the access tokens work with the API endpoints.
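The scope check described above can be sketched as follows. This is an added example, not code from the demo or from Mulesoft or Okta. The gold scope name, the route table, the `authorize` helper and the sample introspection responses are assumptions made for illustration; only the silver scope name comes from this page.

```javascript
// Added example: scope enforcement at the API proxy, driven by the
// RFC 7662 introspection response for the presented access token.
const SILVER = "http://myapp.com/scp/silver"; // scope named on the page
const GOLD = "http://myapp.com/scp/gold";     // ASSUMED name; not on the page

// Assumed route policy: each endpoint requires exactly one scope.
const REQUIRED_SCOPE = new Map([
  ["/planets", SILVER],
  ["/moons", GOLD],
]);

// Returns { status, reason } for a request path and introspection result.
function authorize(path, introspection) {
  const required = REQUIRED_SCOPE.get(path);
  if (required === undefined) {
    return { status: 403, reason: "no policy for endpoint (deny by default)" };
  }
  // No token presented, or the authorization server reports it inactive
  // (expired, revoked, or unknown).
  if (!introspection || introspection.active !== true) {
    return { status: 401, reason: "missing or inactive token" };
  }
  // "scope" is a space-delimited string; split it and compare whole
  // values. A substring test would accept look-alike scope names.
  const granted = new Set(String(introspection.scope || "").split(" ").filter(Boolean));
  if (!granted.has(required)) {
    return { status: 403, reason: "insufficient_scope" };
  }
  return { status: 200, reason: "ok" };
}

// Constructed introspection responses (not captured from the demo).
const clark = { active: true, sub: "clark.kent", scope: `openid ${SILVER}` };
// Assumption: a gold subscriber's token carries both scopes.
const lois = { active: true, sub: "lois.lane", scope: `openid ${SILVER} ${GOLD}` };
const lookalike = { active: true, sub: "constructed", scope: `${SILVER}-trial` };

for (const [name, tok] of [["anonymous", null], ["clark", clark], ["lois", lois], ["lookalike", lookalike]]) {
  for (const path of ["/planets", "/moons"]) {
    const r = authorize(path, tok);
    console.log(`${name} ${path} -> ${r.status} ${r.reason}`);
  }
}
```

The look-alike case shows why scope values are compared as whole tokens: a scope string that merely contains the silver URI is rejected.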

SILVER Access: A list of the planets

username: clark.kent
password: mars

proxy endpoint: http://okta-solar-system.cloudhub.io/planets

Planets

GOLD Access: A list of (selected) moons

username: lois.lane
password: mars

proxy endpoint: http://okta-solar-system.cloudhub.io/moons

Moons